... the articles and musings of a technology and science journalist

Managed Services

07/07/2010

The e-mail appeared to be an invitation from an old, junior high school friend. Yet when the hospital employee clicked on the link, it instead led her to a malicious site that installed a Trojan horse on her computer. In a little over a week, international cybercriminals used that beachhead to steal more than $600,000 from the woman's employer, according to a terse description of the incident on the Information Systems Security Association’s Web site.

A number of similar incidents to this one highlight the threats of online crime facing small and midsize businesses (SMBs), says Stan Stahl, president of Citadel Information Group and president of the Los Angeles chapter of the ISSA.

"Typically, they say, 'We have firewalls in place and have AV on all the desktops, so I guess we are secure,'" Stahl says. "But today cybercrime is so sophisticated that is not enough anymore."

06/23/2010

Deciding on a managed security service provider is a huge step for any organization, especially if you're looking to get multiple capabilities from that lone provider.

But handling the ongoing relationship after you've chosen the provider might be even more important, experts say.

Most enterprises these days are hiring a single managed security service provider, not multiple providers, experts say. This means you'd better be sure you find one you can work with over the long haul.

06/09/2010

The problem of customers' compromised computers sending spam can dramatically impact an ISP's bottom line, according to a survey by Osterman Research released today: Nearly 40 percent of ISPs had their IP addresses blacklisted by the Real Time Blackhole Lists (RBLs) in the past year. A blacklisted mail server could lead to dropped e-mail -- and an increase in support calls to the ISP.

The outbound spam issue highlighted by the report is one example of the business issues that compromised computers pose for ISPs. One in six providers spends more than $100,000 attempting to prevent outbound spam from impacting their business, according to the report, which was funded by e-mail security service CommTouch.

05/26/2010

Managed security contracts that reward providers for notifying their clients of breaches provide better security, according to a mathematical analysis conducted by three researchers at the University of Texas at Dallas and the Middle East Technical University.

The research, which will be presented at the Workshop on the Economics of Information Security (WEIS) 2010 next month, analyzed a common type of contract used today in which a provider assesses a fee for its managed security service, but refunds part of the fee -- as a penalty -- if there is a breach.

Using game-theory analysis, the researchers established that this commonly used contract model provides no incentive for the provider to notify its client of a breach.

05/12/2010

Two major announcements this week indicate software-as-a-service (SaaS) security offerings are heating up, becoming both more comprehensive and easier to manage, experts say.

Symantec today announced its Hosted Endpoint Solution (HEP), a service that will allow small and midsize businesses to manage all of their desktop security clients from a single portal.

The announcement came a day after Verizon Business launched a comprehensive cloud security service, rolling antispam, firewall, intrusion detection, and denial-of-service attack protection into a single service that doesn't require on-premise equipment.

04/27/2010

The quality and functionality of third-party security services has improved in recent years, experts say. Unfortunately, the cost of those services hasn't.

Despite the budget pressures caused by a bad economy, most security services firms have not cut their subscription prices, experts say. Although market pressures have driven costs slightly lower than they were five years ago, current prices are more stable, says Jason Hilling, executive for management and service strategy at IBM.

"The costs are not going down significantly with the maturation and saturation of the market," Hilling says, "but companies are delivering more for the same cost."